FreeSSL: applying for a free HTTPS certificate

1. Open https://freessl.cn/

2. Enter your domain name and e-mail address.

3. Select "File validation" (文件验证) and "Browser generated" (浏览器生成).

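(Upload the two validation files by FTP to your web server, at the locations the page specifies. It is enough that both files can be reached over HTTP.)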

4. Download the files.

5. After the download you have two files, full_chain.pem and private.key. Upload them to this directory on the web server:

/usr/local/nginx/cert/

6. Back on CentOS, edit the nginx configuration file:

nano /usr/local/nginx/conf/nginx.conf

    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

Change it to:

    # HTTPS server
    #
    server {
        listen       443 ssl;
        server_name  localhost;

        ssl_certificate      /usr/local/nginx/cert/full_chain.pem;
        ssl_certificate_key  /usr/local/nginx/cert/private.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            root   html;
            index  index.html index.htm;
        }
    }

  • Allow the https service through the firewall:

firewall-cmd --add-service=https --permanent

  • Open port 443:

firewall-cmd --zone=public --add-port=443/tcp --permanent

  • Reload and check:

firewall-cmd --reload
firewall-cmd --list-all

The output should look like this:

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client http https ssh
  ports: 80/tcp 443/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

  • Restart the nginx server:

systemctl restart nginx

  • Verify that the SSL certificate is working properly:

https://myssl.com/ssl.html

  • If you see the result shown in the screenshot above, you are done.
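
A check worth running before the `systemctl restart nginx` step above, added here as an example and not part of the original post: it confirms that the active `ssl_certificate` and `ssl_certificate_key` directives point at readable files, that the private key is not readable by group or others, and that the key matches the leaf certificate in the chain file. The function names are illustrative, and the script assumes absolute paths as in step 6 and an `openssl` binary on the server.

```shell
#!/bin/sh
# Added example: pre-restart checks for the certificate files from steps 5-6.
# Function names are illustrative; assumes absolute paths in nginx.conf.

# Print the value of the first *uncommented* directive $2 in config file $1.
active_directive() {
    awk -v d="$2" '$1 == d { sub(/;$/, "", $2); print $2; exit }' "$1"
}

# Succeed only if file $1 has no group/other permission bits set.
key_is_private() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Succeed only if the first certificate in $1 (the leaf in full_chain.pem)
# carries the same public key as private key $2.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run all checks against nginx config $1; print the first problem found.
check_tls_files() {
    cert=$(active_directive "$1" ssl_certificate)
    key=$(active_directive "$1" ssl_certificate_key)
    if [ -z "$cert" ] || [ -z "$key" ]; then
        echo "no active ssl_certificate/ssl_certificate_key (still commented out?)"
        return 1
    fi
    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "missing or unreadable: $cert or $key"
        return 1
    fi
    if ! key_is_private "$key"; then
        echo "$key is readable by group/other; run: chmod 600 $key"
        return 1
    fi
    if ! cert_matches_key "$cert" "$key"; then
        echo "$key does not match the certificate in $cert"
        return 1
    fi
    echo "ok: $cert and $key are consistent"
}
```

Call `check_tls_files /usr/local/nginx/conf/nginx.conf` and restart only if it prints `ok`; `nginx -t` additionally checks the configuration syntax.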
